| Category | Details |
|---|---|
| Threat Actors | International cybercriminal group, potentially a ransomware-as-a-service syndicate. |
| Campaign Overview | Breach of Rhode Island’s RIBridges system in December 2024, targeting health and benefits data, followed by ransom demands. |
| Target Regions | Rhode Island, USA. |
| Methodology | Access through an online account; lateral movement to replication infrastructure; exfiltration of core data before encryption. |
| Product Targeted | RIBridges (Rhode Island Benefits System), core replication servers. |
| Malware Reference | Unnamed ransomware and malware detected in file folders during the attack. |
| Tools Used | Ransomware, malware for data exfiltration and encryption, potentially RaaS infrastructure. |
| Vulnerabilities Exploited | Likely weak credentials or misconfigured online accounts enabling lateral movement. |
| TTPs | Credential compromise, lateral movement, data exfiltration, encryption for ransom. |
| Attribution | Sophisticated criminal syndicate; possibly ransomware-as-a-service operators. |
| Recommendations | 1. Freeze credit and enable multi-factor authentication. 2. Strengthen passwords. 3. Monitor for identity theft or fraud. |
| Source | Hackread |

Read full article: https://hackread.com/hackers-leak-partial-cisco-data-4-5tb-exposed-records/

The above summary has been generated by an AI language model.